DHCP Addresses

This network has DHCP scope that has IP addresses starting with 192.192.192.10 through 192.192.192.254.
No one has any idea who/what computers are using addresses 192.192.192.2 through 192.192.192.9.
How do I determine who/what these addresses are assigned to?
Thanks for all assistance.

Answer Wiki

Try NBTScan from www.inetcat.org/software/nbtscan.html
and query the range to see if it can get you any Windows Netbios info. I know it returns the netbios name from Windows XP, Windows 2000 including server, Windows 2003 server, and linux servers running SAMBA because I just tried it.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States.
Privacy

Processing your response...

Discuss This Question: 11 &nbspReplies

There was an error processing your information. Please try again later.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States.
Privacy

The normal pattern for network engineers is to exclude either a low block, or a high block, from DHCP and use those addresses on servers, routers and network attached printers. Look around and see what network attached printers, and servers you have, and get their IP addresses.
Especially compare any ip addresses with your default gateway address.
Trying pinging the addresses (all of them). Then if any pings are successful, you'll know there is a device on the network with that IP address. Do an 'arp -a' to get the MAC addresses of the network cards associated with the device. (or better yet 'arp -a > macaddress.txt' then run 'notepad macaddress.txt' so you can cut and paste the MAC addresses.
Go to www.techzoom.net/nettools-macdecode.asp and run the MAC addresses to give you the manufacturer of the network card. From the manufacturer of the network card you may be able to isolate which device corresponds to an IP address.
Many network switches have administrative interfaces, usually web based. If yours has one, go into the administrative interface and see if one of the details it gives you is the MAC address of the computer attached on each port. If so, compare the MAC addresses from the 'arp -a' against the ports, and write down the port # for each of the IP addresses. Now go to the switch and hand over hand run the cable from each of the ports, and see where they go.
You may be able to sniff on traffic to/from each of the devices, (ethereal works well) and from that figure out which device has that IP address.
Since 192.192.0.0 is assigned to the Ministry of Education Computer Center, Taipei Taiwan, I would give this as an advanced project for some of the students who want to be network administrators.

A nice little gui tool I have found to get just such info is the angry IP scanner.
Angry IP scanner is a very fast IP scanner and port scanner. It can scan IP addresses in any range as well as any of their ports. Its binary file size is very small compared to other IP or port scanners.
Angry IP scanner simply pings each IP address to check if it's alive, then optionally it is resolving its hostname, determines the MAC address, scans ports, etc. The amount of gathered data about each host can be extended with the available plugins.
It also has additional features, like NetBIOS information (computer name, workgroup name, and currently logged in Windows user), favorite IP address ranges, customizable openers, etc.
Scanning results can be saved to CSV, TXT, HTML, XML or IP-Port list file, can be used as a command-line utility in a batch file, etc. With help of plugins, Angry IP Scanner can gather any information about scanned IPs. Anybody who can write code is able to write plugins and extend functionality of Angry IP Scanner.
In order to increase scanning speed, it uses multithreaded approach: a separate thread is created for each scanned IP address.
It is free and open-source software, so use it at your own risk.
Find it here: http://www.angryziber.com/ipscan/

From any XP machine, you could try nbtstat. It is part of Windows. You could write a batch file to run the whole range. Run "nbtstat -A 192.192.192.10" to get the name of each computer. If you have a Linux machine, load LinNeighborhood. It can list all of the workgroups, the systems in the workgroup and the available shares.

As with all the answers below, you can try superscan as well. This tool will tell you what ports are open as well and tell if you can browse them. Most likely, they are printers, our switches. Use this tool then expand the ports. If http is available, then browse it and see what it is.
You can also use DAMEWARE. This will only tell you if it is a WINDOWS based machine. Then you can shut it dowm shut down services, send the machine a MSG via lan.
Good luck.

you could run Microsoft Baseline Security Analyzer and specify the range of addresses. It should return some information, plus tell where you stand on security, unless they are just devices such as printers, etc.
Ping them as mentioned earlier to see if they respond.
You could also set up some other devices with those addresses and if you get conflicts, wait for the "Help Desk Call".....that'll tell you.....
good luck and Merry Christmas!

Another good scanner is GFI LANguard Network Security Scanner.
word of caution - some network devices shutdown ping response for security. be prepared to break the network if you are discovering these devices for the first time.
documenting what you find would be a good idea.

Well I am going to assume these are hooked to switches. Therefore I would check the arp cache for the address after you ping it. Assuming you can ping it. The mac address will tell you what type of device it is ie: manufacturer and type. Such as HP printer.

Angry IP Scanner is great.
Also, in the Windows (if it applies) DHCP server you should have a documented "Reserved" section.
You could have IPs based on MAC addresses and force DHCP.
You should be able to manage all IPs in your network.
I believe these adresses are for servers and printers: have a database for these.

I know it's a little too obvious but where is DHCP coming from? If it's a server, check and see what devices have reservations, as this will contain a list of printers, switches and other devices. As far as computers, you can use "ping -a ipaddress" to get the hostname of the computer with that address.
Not as pretty as the GUI programs available but in a rush it works.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States.
Privacy

Processing your reply...

Ask a Question

Free Guide: Managing storage for virtual environments

Complete a brief survey to get a complimentary 70-page whitepaper featuring the best methods and solutions for your virtual environment, as well as hypervisor-specific management advice from TechTarget experts. Don’t miss out on this exclusive content!

Share this item with your network:

To follow this tag...

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States.
Privacy